Navy cyber leader expects proactive capabilities this year

Fragile, antiquated networks and a departmental inability so far to fully grasp the idea of a network domain as battlespace are slowing establishment of formal military cyber operations. Still, concrete benchmarks of progress are close, with transformational capabilities expected as soon as this year, according to one senior Defense Department official.

“We’ve begun to get our arms around the domain and the problem set, but anyone who thinks there’s a quick fix for cyber defense is mistaken,” said Vice Adm. Bernard McCullough, commander of the Navy Fleet Cyber Command. McCullough delivered an update on the command's progress at the Center for Strategic and International Studies on April 5.

The military is "traditionally reactive and static, but we need to be proactive, dynamic and predictive,” he said. He estimated his command will achieve what he terms a proactive defense stance by October this year, and have predictive capabilities by fiscal 2012. He did not elaborate on technological details of the new capabilities.

In order to fully integrate cyber security and military operations in cyberspace, service members working in that domain must define a baseline, or “normal,” landscape that accurately reflects when something is amiss – and when defense is needed.

“We have no idea what normal is,” McCullough said. “We have to start seeing the network as a weapons system, and the domain as the battlefield. We cannot continue to rely on kinetic capabilities and capacity. It puts us on the wrong side of the curve by a factor of four.”

And replacing obsolete equipment, developing the information-sharing culture in DOD and transitioning the operational framework from traditional military operations to network defense are also challenges, McCullough said.

“We’ve got systems that are older than they should be, and don’t do what they should do,” he said, calling for better lifecycle management for network systems.

To get a clear view of all of the obstacles the Navy, which operates a large share of military information networks, McCullough said he spent the better part of two months visiting naval components all over the world.

“You never get a better assessment than when you sit down at a table with a subordinate eyeball to eyeball,” he said. “People will tell you the damnedest things.”

In visiting 20 of the 24 subordinate commands, McCullough found that “all the sites are doing great things, but no two are doing it the same. We need standardization. We need certification, operational standards and assessments. You get what you inspect, not what you expect.”

McCullough also spoke to challenges in information sharing, citing issues with trust and confidence in command and control relationships. “If we don’t have assured command and control, nothing else matters. But offense is viewed as the priority by multiple entities,” he said.

The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

Reader comments

Thu, Apr 8, 2010

Perhaps if the various services and unified commands, the DoD agencies, and the rest of the fed gov, would common-service their long-haul infrastructure, it would be easier to defend? The topology would certainly be simpler, probably by an order of magnitude. Lots and lots of small parallel pipes running between the same points in today's world. The contractors will never suggest a rationalization like that, becuase it provides a steady workload for them. Government side won't suggest it- turf and all that. So it keeps getting more and more complicated.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.